Computer Security Management: Assessment and Forensics Session 8

Learn about computer crime and fraud, including examples of crimes committed with computers and common types of internet fraud. Discover controls and management actions to prevent and respond to computer crime and fraud.



  1. Computer Security Management: Assessment and Forensics Session 8

  2. Computer Crime and Computer Fraud • Computer crime means a crime involving computer resources, including using a computer to commit a crime. • Computer fraud means using computer resources to defraud.

  3. Computer Fraud • Using a computer to defraud. • Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion. • Computer fraud is criminal.

  4. Examples of Crime Targeted at Computer Resources • Hacking. • Deliberate virus spreading. • Theft of information, software or hardware. • Theft of computer resource usage. • Denial of computer services by means of malicious software or messages. • Message interception.

  5. Examples of Crime Committed with Computers • Scams • Phishing • Defamation of character. • Disseminating hate propaganda. • Threats • Developing, holding or spreading child pornography.

  6. Elements of Fraud • A perpetrator lacking integrity or ethics • Motivation to commit fraud • Opportunity to commit and conceal fraud • False representation to a substantial degree

  7. Elements of Fraud • Factor to induce a victim or accomplice to act • Intent to defraud • Injury or loss sustained

  8. Computer Fraud • The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds. • The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers.

  9. Computer Fraud • A complex accounting system raises the potential for “creative accounting” and consequently fraud • The general perception that computerized information is reliable makes computer fraud less susceptible to challenge than fraud committed on paper

  10. Examples of Computer Fraud • Manipulating systems or causing glitches to “smooth” quarterly earnings • Salami, rounding down interest calculation and deposit difference to programmer’s own account • Employee selling of customer lists to competitor • Fictitious insurance policies to defraud insurers and reinsurers

  11. Internet Fraud A scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme.

  12. Major Types of Internet Fraud • Auction or sales inducing the victim to send money or give out credit card numbers for promised goods • Business opportunity • Work-at-home program

  13. Major Types of Internet Fraud • Investment scheme • Stock market manipulation by spreading fictitious news about public companies • Identity theft

  14. Controls Against Computer Crime and Fraud • Segregation of duties • Management and independent review • Restricted access • Code of business conduct to outline what is not acceptable, what is not supposed to be done with organization IT resources, what constitutes conflict of interest.

  15. Controls Against Computer Crime and Fraud • Intrusion detection and prevention systems • Encryption • Security education • Analytical review

  16. Controls Against Computer Crime and Fraud • System monitoring • Security check on new hires and contractors • An established process for whistle blowing and investigation • Exemplifying management culture

  17. Controls Against Computer Crime and Fraud • Lock laptops when not attended to • Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate

  18. Management Actions in Reaction to Computer Crime • Damage control by pulling equipment off the network. • Preserve evidence, do not turn off computers. • Call a forensic expert to image the computer hard disks. • Do not use the computer until the hard disk is successfully captured

  19. Management Actions in Reaction to Computer Fraud • Do not set off alarm, let the suspect continue. • Damage control, by making backup of data and providing an alternate plan. • Continue to monitor suspect. • Collect evidence behind the scene. • Depending on severity, may need to terminate access or reassign suspect immediately. • Sanitize data behind the scene.

  20. Conducting the Forensic Investigation • Gathering evidence • Rules of Evidence must be carefully followed • Chain of custody critical • Interviewing personnel • Invigilation • Indirect methods of proof

  21. Tools of Computer Forensics • Screwdriver and pliers • Disk imaging software • Hash calculation utility • Search utilities • File and data recovery tools • File viewing utilities • Password cracking software • Digital camera

  22. Conclusion • Computer crime and computer fraud on the rise • Organizations should adopt a code of business conduct. • Organizations should have chief ethics officers
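
The scheduled web site refresh from slide 17, combined with the hash calculation listed in slide 21, as an added example that is not part of the original presentation: it compares the live site with the backup by SHA-256, sets altered files aside as evidence, and only then restores them. The directory layout, file names and function names are assumptions made for illustration, and the sample site is constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(backup, live):
    """List files that differ between the trusted backup and the live site."""
    good, seen = manifest(backup), manifest(live)
    return {
        "modified": sorted(f for f in good if f in seen and good[f] != seen[f]),
        "missing": sorted(f for f in good if f not in seen),
        "unexpected": sorted(f for f in seen if f not in good),
    }

def refresh(backup, live, report, evidence):
    """Move altered files aside as evidence, then restore the backup version."""
    for name in report["modified"] + report["unexpected"]:
        (evidence / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.move(live / name, evidence / name)   # keep the tampered copy
    for name in report["modified"] + report["missing"]:
        (live / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / name, live / name)

def demo():
    """Constructed sample site: one digit moved in a rate, one planted page."""
    tmp = Path(tempfile.mkdtemp())
    backup, live, evidence = tmp / "backup", tmp / "live", tmp / "evidence"
    backup.mkdir()
    (backup / "agreement.html").write_text("<p>Interest rate: 5.0% per year</p>")
    (backup / "index.html").write_text("<h1>Welcome</h1>")
    shutil.copytree(backup, live)
    (live / "agreement.html").write_text("<p>Interest rate: 0.5% per year</p>")
    (live / "promo.html").write_text("<p>constructed planted page</p>")
    before = compare(backup, live)
    refresh(backup, live, before, evidence)
    return before, compare(backup, live), manifest(evidence)

if __name__ == "__main__":
    print(demo())
```

A blind overwrite would also undo the change, but the comparison report and the set-aside copies are what show that an alteration occurred and what it was.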
